Skip to main content

Why your Amazon Echo could be a prime gateway for snoopers

Published on: 17 Aug 2018

Amazon’s Echo digital assistant can be hacked to access other Echos on the same wireless network and then turn them into bugging devices, TheRegister.co.uk reports.

The process is complex and hard to produce, but Wu HuiYu and Qian Wenxiang - two Chinese security researchers working for Tencent - have demonstrated how it was possible at the DEF CON hacking conference in Las Vegas.

They explained how they exploited multiple vulnerabilities to remotely attack one of the most popular smart speakers on the market, adding that their final attack effects include silent listening, control speaker speaking content and other demonstrations.

Before you unplug your Echo and throw it outside, the process requires custom hardware, firmware and access to your Wi-Fi network.

The two researchers said they had to remove a flash memory chip on their own Echo, upload new firmware, then solder the chip back on to the device.

From there, they accessed the same Wi-Fi network as their target before taking advantage of Amazon's software feature that allows different Echo devices to communicate with one another and were then able to listen in silently to audio heard by other Echos on the Wi-Fi network.